Which action will fulfill these requirements and maintain security?
Configure an S3 interface endpoint.
Configure an S3 gateway endpoint.
Create an S3 bucket in a private subnet.
Create an S3 bucket in the same Region as the EC2 instance.
Explanations:
An S3 interface endpoint is not necessary for S3, as S3 uses a gateway endpoint instead. This option is relevant for services that do require interface endpoints.
An S3 gateway endpoint allows EC2 instances in a VPC to access S3 without needing an internet gateway, ensuring security by keeping traffic within the AWS network.
Creating an S3 bucket in a private subnet is not possible, as S3 buckets are not tied to a subnet but rather to the AWS Region. This does not fulfill the requirement for secure access to S3.
While creating an S3 bucket in the same Region as the EC2 instance is necessary for access, it does not address the requirement to avoid internet-bound traffic. The proper solution is to use a gateway endpoint.